IBM Cloud Kubernetes Service

Every cluster is provisioned with a Kubernetes master IBM operates and manages, and worker nodes deployed into the client-owned infrastructure. Your worker nodes are single-tenant and dedicated to you, the client. Manage your worker nodes by using IBM-provided tools for operating system patch deployment, container runtime updates and new Kubernetes versions.

With IBM Cloud Kubernetes Service, you can deploy Docker containers into pods that run on your worker nodes. The worker nodes come with a set of add-on pods to help you manage your containers. Install more add-ons through Helm, a Kubernetes package manager. These add-ons can extend your apps with dashboards, logging, IBM Cloud and IBM Watson® services and more.

In the IBM Cloud Kubernetes Service, you can enable horizontal pod autoscaling to automatically increase or decrease your app pods in response to your workload needs.

You want control and access to compute infrastructure running containerized workloads to ensure your app has the resources it needs. You also want a stable environment for your apps and lower maintenance costs. IBM Cloud Kubernetes Service manages the master, freeing you from having to manage the host OS, container runtime and Kubernetes version-update process.

You can provision block storage for your cluster and use the storage by your application as a persistent data store. IBM Cloud Kubernetes Service provides predefined Kubernetes storage classes you can use to choose the block storage capacity and performance characteristics that meet your application requirements.

The IBM Cloud Kubernetes Service fully integrates with the IBM Cloud platform’s IP addressing, network routing, ACL, load balancing and firewall capabilities. When you deploy standard clusters, you can specify the virtual network for your worker nodes that provide network segmentation and isolation. Every cluster is set up with predefined network policies.

Every cluster is set up as a single-tenant cluster dedicated to you only. To secure the communication between the Kubernetes API server and your worker nodes, the IBM Cloud Kubernetes Service uses an OpenVPN tunnel and TLS certificates, and monitors the master network to detect and remediate malicious attacks. You control user access to cluster resources.

Obtain a private Docker image registry as a service in the platform. Each tenant in the IBM Cloud Container Registry has a private hosted registry, built using Docker v2 registry to secure storage of Docker images in the cloud. Integrated Vulnerability Advisor scans images with IBM® X-Force® Exchange and its ISO27k policy scans live containers and packages.

With IBM Cloud Kubernetes Service, you are in control of your cluster and can implement your own custom Kubernetes scheduling and affinity logic for your Kubernetes deployments.